An acceptable business class wireless network requires aggressive management of an organization's radio frequency (RF) footprint and bandwidth. The employees in your office -- wherever they're located in the building -- will need to have network services readily available to them.

After revealing the two most important qualities of an enterprise network service, Joel Snyder of Opus One reviews how to provide sufficient bandwidth for users' needs.

Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact editor@searchsecurity.com.

How to increase the RF footprint and bandwidth of a wireless network

Joel Snyder: Another issue of security in wireless networks is management of the RF footprint and the RF bandwidth. This you have to be very aggressive on to provide an acceptable business class service. Now I’m defining availability and usability as part of building a secure wireless network. In order for a network to be a business class secure network it has to have sufficient bandwidth for the user's needs. What that means is that the user has to be able to connect from wherever they want to connect and have all the bandwidth that they need. That does not mean that you walk around the building with your laptop, associate with the SSID and try to ping and say, 'Yes, I can ping, so I guess everything is OK.' True bandwidth means true bandwidth, all the way out to the edges. In addition, the network has to be where the users are and where the users want to use it. That does not mean, again, that you walk around with your laptop and you say, 'Yes, I see the SSID. I guess this is OK,' it means that you can actually connect up and get that bandwidth. When you build a good wireless service, that makes it a good secure wireless service, it is secure from the point of view of the enterprise not from the techy geek that might be thinking only about WPA2. It has to be up, because wireless will become critical in most enterprises. If you have not come to that realization yet, you will over the short term, trust me. Opinions about wireless will change like that, as soon as people really see good business cases for it and they are changing as quickly as these presentations are going through.

This requires you to have a new paradigm, which is looking at the RF and looking at the bandwidth. This can be difficult because most of us are not electrical or RF engineers, we might have a little bit of engineering background, we might be from CS, might have a business degree, or maybe none of that. In any case, very few people in the IT business are true RF engineers, which means you are going to have to learn about RF. Things that you have to understand are that it is very difficult to predict how a wireless network is going to change over time. You cannot just set it up and say, 'OK. I am done. I am never going to look at it again,' because people, enormous bags of water that really affect the RF, are moving around your system, your building, you got file cabinets and other surfaces that are going to start bouncing stuff around. You have interference with other sources, that microwave in the break room, they change out the microwave, now you suddenly might have a wireless problem every time someone heats up a cup of coffee. You have to be efficient in your use of limited bandwidth and you have to be careful about thinking about wireless. It is very easy to plug in an access point but it is very difficult to build an enterprise class wireless network.

I got a simple story about a team that had to do a data center move. They worked for six months, 40 hours a week working hard, hard, hard all the time, maybe 60 hours a week, whatever it was. After 6 months they shut the machines down on Friday at 5:00, on Saturday at 8:00 a.m. the machines were back up, and on Monday morning, no one said anything. Same team, a week later went down to Best Buy and bought a $10.00 access point, plugged it in, in the break room, and all of a sudden people are walking up to the IT people saying, 'Thank you for wireless. We love you. You did a great job.' Plugging in an access point does not necessarily mean that you are going to have a secure wireless network, but on the other hand, giving people wireless will make them love you a lot more than moving their data center without any interruptions.

Let us talk about total bandwidth. I do not know how many of you that are watching this are old timers, as you can see, I have a certain amount of grey myself, but wireless is like the bad old days of 10 megabit hubs. We have shared bandwidth, we have the potential for meltdowns, and we have a half duplex communications channel. If you take a look at this picture here, you see I got a couple of laptops hanging around an access point, and that is OK. As I add more users, now I am worried about this half duplex thing, each one can only send or receive. There can only be one person talking at a time; you do not get full duplex like you have for the switch channel, things that we are so used to doing. Your total throughput is going to be in the 20 to 40 megabit range if you got 802.11g or a, that is assuming that everything works great. If adding users to the network is important, you are going to find that everyone gets less bandwidth because we are sharing this channel.

Take a look at this case here. I got some user at the very bottom of the screen, he, or she, is connected up to this access point from a far distance. What does that mean? That is going to mean that their packets are going to be transmitting at 1 or 2 megabits per second. A packet that is transmitted at 11 megabits a second is so long, a packet that is transmitted at 2 megabytes a second is 5 times as long, which means that this user is talking very slowly. When they are talking, no one else can talk, which means that that user is the equivalent to adding 5 users to the inside of the network. You have to worry about how far away people are and when they are using their wireless, someone on the edge can hog the whole network and basically make life bad for everyone and that someone could be some device that is a wireless device on a person's desk that is just pinging every once in a while or doing some email downloads, like a cell phone or something like that.

I drew this picture using 802.11b, because I only have so much of my life's time devoted to doing PowerPoint and with G, I would have another 8 circles. I just drew 4 circles, but the picture is exactly the same for 802.11g, it is the same for 802.11a. The picture says that at the point that is closest to the access point you get the best bandwidth as you throughput, as you get further away, you connect up at slower and slower speeds. What does this mean? Take a look at this picture here; this is what I call the naive layout. This is someone who says, 'I can connect up and ping everywhere within all of the boundaries of the blue, purple, green, and light blue circles, everywhere that you see here. We got no coverage holes, everyone can get on the wireless network.' This is what we get in hotels, really, really bad coverage mask. The problem is that everyone who is outside of those core areas, everyone that is in the red, is in this ghetto poor neighborhood of bad throughput, they are not getting a good signal. What does that mean? That means that if I overlay a standard building floor plan on top of this picture, you will see, I am trying to point somehow, but I cannot really do that, you will see that most of the offices in this picture, if you start looking at it yourself, are in the red. They are not in these wonderful core areas where we are giving them good throughput; they are in the bad parts of the wireless network which means they are not getting good service. They are second class citizens in your wireless network.

You want to build a secure network where secure means available. Take a look at this, this picture here shows you 4 radios laid out on this network, 4 is not good enough because most people are going to be in that red area. Instead, you would actually need to lay out a minimum of 12 radios just to get the good coverage to cover that rectangle that I have shown you as part of the building plan. In addition to the 12, you are going to have to spare radios, as well. Just a simple wireless survey that says, 'Yes, I can see the SSID and associate.' If you are not getting it at high speeds, you are not giving people a business class network; therefore, the network is not a secure network. You can also go to 802.11a. 802.11a is great technology, you get more channels, which is nice, so you can pack things a little tighter, but it is actually less resilient than b and g because the higher frequency falls off more quickly with distance. 802.11a is nice because not everyone has a, so you can run both radios at the same time to get even more throughput, but you have to be careful to engineer for 802.11a's tighter distance limitations compared to 802.11b/g on the 2.4 range.

This graph is another one that I would like to focus on for just a couple of seconds. Turning up the power on your access points does not help, in fact, it actually hurts. In this graph, you can see there is a peak where the power is at a mid-level, and we actually get the best signal strength or best throughput. Why does this peak occur at the middle and not at the edge? The reason is that with wireless, we want to have just enough power to get from the access point to the user and no more. If I am shouting and I got lots and lots of power, what happens is the user sees the signal, in addition, it bounces off the wall and it goes out the window and it bounces off another building, and it bounces off in the other direction because it is omnidirectional. All of a sudden the user is seeing multiple copies of the same information, but of course, offset in time because of that whole speed of light thing that we have not been able to do anything about, this is called multipath interference. Suddenly, the user is getting a poor signal, because they are seeing too many copies, because you have too much power. You actually want to get the power turned down so that it is just enough to reach the user and not anymore, and that is actually where you are going to get the best throughput.
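
The airtime arithmetic behind the far-edge user described in the transcript, worked through as an added example that is not part of the talk. It uses a simplified model (an assumption): every station gets the same number of transmit opportunities on the half-duplex channel, and preambles, ACKs, backoff and retries are ignored. The 1500-byte frame size and the function names are also assumptions.

```python
# Added illustration: airtime sharing on one half-duplex 802.11 channel.
# Simplified model (assumption): stations take turns sending one frame
# each, all frames are the same size, and per-frame protocol overhead
# (preamble, ACK, backoff, retries) is ignored.

FRAME_BITS = 1500 * 8  # constructed frame size: one 1500-byte packet


def airtime_report(rates_mbps, frame_bits=FRAME_BITS):
    """Per-station airtime share and throughput for one round in which
    each station sends exactly one frame at its own PHY rate."""
    # bits / (Mbit/s) = microseconds on air for one frame
    frame_us = [frame_bits / rate for rate in rates_mbps]
    round_us = sum(frame_us)
    # Each station moves one frame per round, so every station ends up
    # with the same throughput, set by the length of the whole round.
    per_station_mbps = frame_bits / round_us
    return {
        "airtime_share": [t / round_us for t in frame_us],
        "per_station_mbps": per_station_mbps,
        "aggregate_mbps": per_station_mbps * len(rates_mbps),
    }


def equivalent_fast_users(slow_mbps, fast_mbps):
    """Number of fast-rate stations whose frames occupy the same airtime
    as one frame from the slow station."""
    return fast_mbps / slow_mbps


if __name__ == "__main__":
    near_only = airtime_report([11, 11, 11, 11])
    with_edge = airtime_report([11, 11, 11, 2])  # one station at the edge
    print("all near the AP :", round(near_only["per_station_mbps"], 2),
          "Mbit/s each")
    print("one at the edge :", round(with_edge["per_station_mbps"], 2),
          "Mbit/s each")
    print("edge station airtime share:",
          round(with_edge["airtime_share"][-1], 2))
    print("edge station counts as",
          equivalent_fast_users(2, 11), "near stations")
```

Under this model the one station at 2 Mbit/s occupies about two thirds of the channel, and every station, including those next to the access point, drops to the same reduced rate.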
